Vulnerabilities in mina-core and apache-avro #214
Closed
JosteinEntur started this conversation in General
-
Hello, an issue was previously opened about this vulnerability. TLDR: transitive dependency on a functionality not used by the plugin. Will keep on updating the direct dependency until it's fixed. Hope it helps :)
-
Hi!
I'm Jostein Sæle from the Norwegian company Entur. We're using kafka-schema-registry-gradle-plugin 2.3.2, and we've gotten a Dependabot alert in GitHub about two critical vulnerabilities, introduced transitively via kafka-schema-registry.
One in Apache MINA Deserialization. Apparently it stems from org.apache.mina:mina-core 2.2.2. We get this message:
The vulnerability is: CVE-2024-52046
The other gives a similar message, and apparently stems from org.apache.avro:avro 1.11.3. The vulnerability is: CVE-2024-47561
Any thoughts about these vulnerabilities, and how we could eliminate them?
Thanks!
-Jostein-